Trouble getting the user object post login
-
Hiya,
A few troubleshooting tips:
- Is your user registered with the application to which they are trying to authorize?
- From https://github.com/FusionAuth/fusionauth-python-client/blob/master/src/main/python/fusionauth/fusionauth_client.py it looks like the signature is:
```python
def exchange_o_auth_code_for_access_token(self, code, client_id, redirect_uri, client_secret=None):
```
so it seems you have the `redirect_uri` and the `client_secret` transposed.
- Do you have the `redirect_uri` set up correctly in the FusionAuth application config?
-
@dan Thanks for the response. I changed the call to `exchange_o_auth_code_for_access_token`, swapping the `client_secret` and `redirect_uri` args. I made sure that the user is registered with the application to which they are trying to authorize and that the `redirect_uri` is set up correctly in the application config. I'm attaching screenshots from the FusionAuth app. I'm still getting a `401` response.
I would also like to mention as an aside that the user is able to log in successfully to this app. I get a `401` for the auth code request post successful login.
Redirect URI setup:
User Registration:
-
OK, so the user is able to login when you are logging them into the application directly, is that correct?
But you get a 401 whenever you are requesting a token.
Interesting.
Can you try to make a different call with the client object, just to make sure you are initializing it correctly?
```python
client_response = client.retrieve_user_by_email('you@example.com')
if client_response.was_successful():
    print(client_response.success_response)
else:
    print(client_response.error_response)
```
Can you try adding this code just after you call `client.exchange_o_auth_code_for_access_token`?
```python
if resp.was_successful():
    print("success")
    print(resp.success_response)
else:
    print("error")
    print(resp.error_response)
```
And let me know what you see when running your flask server.
-
@dan That is correct. Below is the output on flask server:
```
<Response [401]>
error
<Response [401]>
74.15.29.84 - - [24/Aug/2020 15:46:33] "GET /oauth-callback?code=q0AEmFiDNOjWiGlBa64Ea7MI2BlwotSh7AAcqqjWSt4&locale=en_US&userState=AuthenticatedNotRegistered HTTP/1.1" 200 -
```
-
@nishant said in Trouble getting the user object post login:
&userState=AuthenticatedNotRegistered
There's the issue. Are you sure that you:
- registered the user to the application
- are passing the correct client id for the application
Because it seems like FusionAuth recognizes the user, but not that they are registered to the application.
Can you double check both of those? (I know you checked that the user was registered before, but can you double check?)
-
@dan Thanks for the response. I did double check my application code and there was a client id mismatch in one of the URIs in my application code. I fixed that. However I'm still getting `401`. Below is the flask server output:
```
<Response [401]>
error
<Response [401]>
74.15.29.84 - - [25/Aug/2020 22:43:04] "GET /oauth-callback?code=9E2MtFiIkFTS1uRBDjNXIOwLDuefGNLMqreSo1gZL2A&locale=en_US&userState=Authenticated HTTP/1.1" 200 -
```
As you can see the state has changed to `Authenticated` now.
-
Hiya,
Thanks for your patience. I'm not quite sure what is going on.
Can you provide your code in a github repo or other place I can take a look at the whole project, please?
-
@dan No worries! Thanks for all your help! You can download the application zip file from here. As you'll notice, it's a pretty simple app. Also I've replaced all the IP addresses and ids for security reasons so while the app won't run as is, you would still be able to get an idea of the functionality. Thanks again for your continued support! Hoping to resolve this soon!
-
@dan Hi Dan, just circling back. Did you have a chance to look into this? Thanks!
-
OK, I did take a look.
The issue is that there was a recent change to the client library which switched the order of arguments.
This is the set of arguments that worked for me:
```python
resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), "http://localhost:5000/oauth-callback", client_id, client_secret)
```
But I asked the engineering team when they'd be releasing the newest version of the libs, which will change it to
```python
resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)
```
`client_id` and `redirect_uri` swapped places.
Once I did that, when I logged in, I saw:
success {'access_token': 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRkMDYxMjY4YWMifQ.eyJhdWQiOiIzODU1ZGMyMC0yNzQ3LTQwYzEtYTUyMC1hODc3NzYxYmY5YjYiLCJleHAiOjE1OTg2Mzk2MTMsImlhdCI6MTU5ODYzNjAxMywiaXNzIjoiYWNtZS5jb20iLCJzdWIiOiIwMDAwMDAwMC0wMDAwLTAwMDAtMDAwMC0wMDAwMDAwMDAwMDQiLCJqdGkiOiIwYWYzNDlkMy04ZTQ5LTQ0ZDEtYmE5NS04NmM2N2I4NzAzODkiLCJhdXRoZW50aWNhdGlvblR5cGUiOiJQQVNTV09SRCIsImVtYWlsIjoiZGluZXNoQGZ1c2lvbmF1dGguaW8iLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwiYXBwbGljYXRpb25JZCI6IjM4NTVkYzIwLTI3NDctNDBjMS1hNTIwLWE4Nzc3NjFiZjliNiIsInJvbGVzIjpbXX0.RXdPUtk_vtRbNva__O8OBLFdUv8aZubewkXmK9Pnr2g', 'expires_in': 3599, 'token_type': 'Bearer', 'userId': '00000000-0000-0000-0000-000000000004'}
If you want to get further user info, you can use the `userId` to look stuff up via the APIs. You could also make a request to the `Userinfo` endpoint, but if you do so, you need to request the `openid` scope initially.
I also noticed that the API call was failing. Make sure you create your client with the API key, which is different than the client id:
```python
client = FusionAuthClient('APIKEY', "http://localhost:9011")
```
Will let you know what I hear back, but until then you should look at https://github.com/FusionAuth/fusionauth-python-client/blob/1.18.0/src/main/python/fusionauth/fusionauth_client.py to see the proper order of args, because that is the published version.
-
OK, we just released 1.18.8 and that is the version you want to use:
In `requirements.txt`:
```
fusionauth-client==1.18.8
```
And then this is the call you want to make (with `client_id` before `redirect_uri`):
```python
resp = client.exchange_o_auth_code_for_access_token(request.args.get("code"), client_id, "http://localhost:5000/oauth-callback", client_secret)
```
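One way to keep the positional-order mistake discussed in this thread from reaching the token endpoint, as an added example that is not part of the original posts or FusionAuth's code: a keyword-only wrapper that checks argument shapes before calling the client. It assumes the parameter names from the signature quoted earlier in the thread and that the client id is a UUID (as FusionAuth application ids are); `RecordingClient`, `exchange_code`, `check_exchange_args` and the sample values are constructed for illustration.

```python
import uuid
from urllib.parse import urlsplit


def check_exchange_args(code, client_id, redirect_uri, client_secret):
    """Return the arguments as a keyword dict, or raise ValueError if they look transposed."""
    if not code:
        raise ValueError("missing authorization code")
    try:
        uuid.UUID(client_id)  # assumption: client id is the application's UUID
    except (ValueError, AttributeError, TypeError):
        raise ValueError("client_id is not a UUID; check argument order") from None
    parts = urlsplit(redirect_uri)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("redirect_uri is not an http(s) URL; check argument order")
    return {"code": code, "client_id": client_id,
            "redirect_uri": redirect_uri, "client_secret": client_secret}


def exchange_code(client, *, code, client_id, redirect_uri, client_secret):
    """Keyword-only wrapper: callers cannot pass these values positionally."""
    kwargs = check_exchange_args(code, client_id, redirect_uri, client_secret)
    # Passing by name makes the call independent of the library's parameter order.
    return client.exchange_o_auth_code_for_access_token(**kwargs)


class RecordingClient:
    """Hypothetical stand-in for FusionAuthClient so the example runs offline."""
    def __init__(self):
        self.calls = []

    def exchange_o_auth_code_for_access_token(self, code, client_id, redirect_uri, client_secret=None):
        self.calls.append((code, client_id, redirect_uri, client_secret))
        return "exchanged"


# Constructed sample values, not real credentials.
SAMPLE = dict(code="sample-code",
              client_id="11111111-2222-3333-4444-555555555555",
              redirect_uri="http://localhost:5000/oauth-callback",
              client_secret="sample-secret")


def transposed_is_rejected(first, second):
    """True if swapping two of the sample arguments is caught before the client is called."""
    swapped = dict(SAMPLE, **{first: SAMPLE[second], second: SAMPLE[first]})
    client = RecordingClient()
    try:
        exchange_code(client, **swapped)
    except ValueError:
        return client.calls == []
    return False
```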
-
Thanks Dan! It all works now.
-
Thanks all for this - I too fell into the trap. It looks like the docs I was following have the wrong signature for the `exchange_o_auth_code_for_access_token` function: https://fusionauth.io/blog/2020/07/14/django-and-oauth
It should of course read:
```python
r = client.exchange_o_auth_code_for_access_token(
    code,
    settings.FUSION_AUTH_APP_ID,
    redirect_url,
    settings.FUSION_AUTH_CLIENT_SECRET,
)
```
(incidentally, the docs use CLIENT_ID in this function call, but never actually try to set it - so it should be APP_ID as here)
-
Thanks @ralph . I just updated the site ( https://github.com/FusionAuth/fusionauth-site/pull/247 ) and the fixes should go out in a day or so.
-
@dan Thank you for your support. Fixing the signature just saved me another couple of hours (also coming from https://fusionauth.io/blog/2020/07/14/django-and-oauth/) ^^